Want to delete VMDK file containing sensitive data?

Couple of times, query was asked on VMTN “how to delete the content of VMDK file or what is the best practice to delete VMDK file securely so that it will be more difficult to recover the same content again. In the purview of the same, I thought it is worth to write blog post which explains E2E steps for the same.

This can be easily achieved using “vmkfstools” : It is vSphere CLI for managing VMware volumes . (Learn more about vmkfstools here). Here we go.

1. Power off or shutdown the VM.

2. Record the name of the “datastore” in which VMDK file to be deleted is available.

3.  SSH (through putty) to ESXi host where VM is available.

VMDK content deletion

4. Go to the directory where VMDK file available. i.e. “/vmfs/volumes/<data_store recorded=”” in=”” 1st=”” step=””>/#” . We need to zero out entire content of VMDK to be deleted.

5. run this command : /vmfs/volumes/<data_store recorded=”” in=”” 1st=”” step=””>/#vmkfstools -w <vmdk_file_name.vmdk>

6. Zeroing will start, once the zeroing is done, you can delete the VMDK straightway from VI client >>datastore OR by using vmkfstools itself with “-U” option. (Refer: Above screen for all the steps, I have deleted VMDK using vmkfstools itself)

Now, it will be very difficult to reconstruct the content of the VMDK from physical disk. is not it simple? Note that, this is a best practice to delete the VMDK file when VMDK content has sensitive/confidential data. If the VMDK content is not sensitive, deleting the VMDK directly would be sufficient.